├── lib ├── __init__.py ├── __pycache__ │ ├── __init__.cpython-311.pyc │ ├── cve_nvd.cpython-311.pyc │ ├── module_msf.cpython-311.pyc │ ├── vuln_exploitdb.cpython-311.pyc │ ├── vuln_exploitalert.cpython-311.pyc │ └── vuln_packetstormsecurity.cpython-311.pyc ├── vuln_packetstormsecurity.py ├── cve_nvd.py ├── vuln_exploitalert.py ├── module_msf.py └── vuln_exploitdb.py ├── requirements.txt ├── vendor ├── preview.png └── report.html ├── common ├── __pycache__ │ ├── nmap_parse.cpython-311.pyc │ └── out_parse.cpython-311.pyc ├── nmap_parse.py └── out_parse.py ├── LICENSE ├── README.md └── sicat.py /lib/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | requests==2.25.1 2 | colorama==0.4.6 3 | xmltodict==0.13.0 4 | -------------------------------------------------------------------------------- /vendor/preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/justakazh/sicat/HEAD/vendor/preview.png -------------------------------------------------------------------------------- /lib/__pycache__/__init__.cpython-311.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/justakazh/sicat/HEAD/lib/__pycache__/__init__.cpython-311.pyc -------------------------------------------------------------------------------- /lib/__pycache__/cve_nvd.cpython-311.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/justakazh/sicat/HEAD/lib/__pycache__/cve_nvd.cpython-311.pyc -------------------------------------------------------------------------------- /lib/__pycache__/module_msf.cpython-311.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/justakazh/sicat/HEAD/lib/__pycache__/module_msf.cpython-311.pyc -------------------------------------------------------------------------------- /common/__pycache__/nmap_parse.cpython-311.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/justakazh/sicat/HEAD/common/__pycache__/nmap_parse.cpython-311.pyc -------------------------------------------------------------------------------- /common/__pycache__/out_parse.cpython-311.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/justakazh/sicat/HEAD/common/__pycache__/out_parse.cpython-311.pyc -------------------------------------------------------------------------------- /lib/__pycache__/vuln_exploitdb.cpython-311.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/justakazh/sicat/HEAD/lib/__pycache__/vuln_exploitdb.cpython-311.pyc -------------------------------------------------------------------------------- /lib/__pycache__/vuln_exploitalert.cpython-311.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/justakazh/sicat/HEAD/lib/__pycache__/vuln_exploitalert.cpython-311.pyc -------------------------------------------------------------------------------- /lib/__pycache__/vuln_packetstormsecurity.cpython-311.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/justakazh/sicat/HEAD/lib/__pycache__/vuln_packetstormsecurity.cpython-311.pyc -------------------------------------------------------------------------------- /lib/vuln_packetstormsecurity.py: -------------------------------------------------------------------------------- 1 | import requests 2 | 3 | 4 | 5 | class PacketStormSecurity: 6 | def __init__(self): 7 | pass 8 | 9 | 10 | 11 | def find(self, keyword="", version=""): 12 | keyword = f"{keyword} {version}" 13 | resp = requests.get(f"https://packetstormsecurity.com/search/?q={keyword}") 14 | if resp.status_code == 200: 15 | return resp.text 16 | else: 17 | return False -------------------------------------------------------------------------------- /lib/cve_nvd.py: -------------------------------------------------------------------------------- 1 | import requests 2 | 3 | 4 | 5 | class NvdDB: 6 | def __init__(self): 7 | pass 8 | 9 | 10 | def find(self, keyword = "", version = ""): 11 | keyword = f"{keyword} {version}" 12 | keyword = keyword.replace(" ", "%20") 13 | resp = requests.get(f"https://services.nvd.nist.gov/rest/json/cves/2.0?keywordSearch={keyword}") 14 | if resp.status_code == 200: 15 | return resp.json() 16 | else: 17 | return False -------------------------------------------------------------------------------- /lib/vuln_exploitalert.py: -------------------------------------------------------------------------------- 1 | import requests 2 | 3 | 4 | 5 | class ExploitAlert: 6 | def __init__(self): 7 | pass 8 | 9 | def find(self, keyword="", version=""): 10 | keyword = f"{keyword} {version}" 11 | try: 12 | resp = requests.get(f"https://www.exploitalert.com/api/search-exploit?name={keyword}") 13 | if resp.status_code == 200: 14 | return resp.json() 15 | else: 16 | return False 17 | except: 18 | return False -------------------------------------------------------------------------------- /lib/module_msf.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import json 3 | 4 | 5 | 6 | 7 | class MsfModule: 8 | def __init__(self): 9 | pass 10 | 11 | def find(self, keyword = "", version=""): 12 | try: 13 | datamod = [] 14 | keyword = f"{keyword.lower()} {version.lower()}" 15 | o = open("files/msf_module.json", "r").read() 16 | modules = json.loads(o) 17 | result = [data for data in modules if keyword in data['title']] 18 | return result 19 | except: 20 | return False 21 | pass -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 Justakazh (Akas Wisnu Aji) 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /common/nmap_parse.py: -------------------------------------------------------------------------------- 1 | import xmltodict 2 | import json 3 | 4 | class NmapParse: 5 | def __init__(self): 6 | pass 7 | 8 | 9 | 10 | def parse(self, file): 11 | output = [] 12 | o = open(file, "r").read() 13 | d = json.loads(json.dumps(xmltodict.parse(o))) 14 | # print(d['nmaprun']['host']['ports']['port']) 15 | for port in d['nmaprun']['host']['ports']['port']: 16 | try: 17 | if 'service' in port: 18 | if '@product' in port['service']: 19 | if '@version' in port['service']: 20 | output.append({ 21 | "service" : port['service']['@product'], 22 | "version" : port['service']['@version'] 23 | }) 24 | else: 25 | output.append({ 26 | "service" : port['service']['@product'], 27 | "version" : "" 28 | }) 29 | except Exception as e: 30 | return False 31 | 32 | return output 33 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | # SiCat - The useful exploit finder 3 | 4 | ![SiCat Preview](vendor/preview.png) 5 | 6 | 7 | ## Introduction 8 | 9 | SiCat is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively. With a focus on cybersecurity, SiCat allows users to quickly search online, finding potential vulnerabilities and relevant exploits for ongoing projects or systems. 10 | 11 | 12 | 13 | SiCat's main strength lies in its ability to traverse both online and local resources to collect information about relevant exploitations. This tool aids cybersecurity professionals and researchers in understanding potential security risks, providing valuable insights to enhance system security. 14 | 15 | 16 | 17 | ### SiCat Resources 18 | 19 | - [Exploit-DB](https://www.exploit-db.com/) 20 | - [Packetstorm Security](https://packetstormsecurity.com/) 21 | - [Exploit Alert](https://www.exploitalert.com/) 22 | - [NVD Database](https://nvd.nist.gov/) 23 | - [Metasploit Modules](https://github.com/rapid7/metasploit-framework/tree/master/modules) 24 | 25 | ## Installation 26 | 27 | ``` bash 28 | git clone https://github.com/justakazh/sicat.git && cd sicat 29 | 30 | pip install -r requirements.txt 31 | 32 | ``` 33 | 34 | 35 | 36 | ## Usage 37 | ```bash 38 | 39 | ~$ python sicat.py --help 40 | 41 | ``` 42 | 43 | ### Command Line Options: 44 | 45 | | Command | Description | 46 | | --- | --- | 47 | | `-h` | Show help message and exit | 48 | | `-k KEYWORD` | | 49 | | `-kv KEYWORK_VERSION` | | 50 | | `-nm` | Identify via nmap output | 51 | | `--nvd` | Use NVD as info source | 52 | | `--packetstorm` | Use PacketStorm as info source | 53 | | `--exploitdb` | Use ExploitDB as info source | 54 | | `--exploitalert` | Use ExploitAlert as info source | 55 | | `--msfmoduke` | Use metasploit as info source | 56 | | `-o OUTPUT` | Path to save output to | 57 | | `-ot OUTPUT_TYPE` | Output file type: json or html | 58 | 59 | 60 | ### Examples 61 | 62 | 63 | 64 | *From keyword* 65 | 66 | ``` 67 | 68 | python sicat.py -k telerik --exploitdb --msfmodule 69 | 70 | ``` 71 | 72 | 73 | 74 | *From nmap output* 75 | 76 | ``` 77 | 78 | nmap --open -sV localhost -oX nmap_out.xml 79 | python sicat.py -nm nmap_out.xml --packetstorm 80 | 81 | ``` 82 | 83 | ## To-do 84 | - [ ] Input from nmap result from pipeline 85 | - [ ] Nmap multiple host support 86 | - [ ] Search NSE Script 87 | - [ ] Search by PORT 88 | 89 | ## Contribution 90 | 91 | I'm aware that perfection is elusive in coding. If you come across any bugs, feel free to contribute by fixing the code or suggesting new features. Your input is always welcomed and valued. 92 | -------------------------------------------------------------------------------- /lib/vuln_exploitdb.py: -------------------------------------------------------------------------------- 1 | import requests 2 | 3 | class ExploitDB: 4 | def find(self, keyword="", version=""): 5 | keyword = f"{keyword} {version}" 6 | headers={ 7 | "X-Requested-With": "XMLHttpRequest" 8 | } 9 | resp = requests.get(f"https://www.exploit-db.com/?draw=5&columns%5B0%5D%5Bdata%5D=date_published&columns%5B0%5D%5Bname%5D=date_published&columns%5B0%5D%5Bsearchable%5D=true&columns%5B0%5D%5Borderable%5D=true&columns%5B0%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B0%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B1%5D%5Bdata%5D=download&columns%5B1%5D%5Bname%5D=download&columns%5B1%5D%5Bsearchable%5D=false&columns%5B1%5D%5Borderable%5D=false&columns%5B1%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B1%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B2%5D%5Bdata%5D=application_md5&columns%5B2%5D%5Bname%5D=application_md5&columns%5B2%5D%5Bsearchable%5D=true&columns%5B2%5D%5Borderable%5D=false&columns%5B2%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B2%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B3%5D%5Bdata%5D=verified&columns%5B3%5D%5Bname%5D=verified&columns%5B3%5D%5Bsearchable%5D=true&columns%5B3%5D%5Borderable%5D=false&columns%5B3%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B3%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B4%5D%5Bdata%5D=description&columns%5B4%5D%5Bname%5D=description&columns%5B4%5D%5Bsearchable%5D=true&columns%5B4%5D%5Borderable%5D=false&columns%5B4%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B4%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B5%5D%5Bdata%5D=type_id&columns%5B5%5D%5Bname%5D=type_id&columns%5B5%5D%5Bsearchable%5D=true&columns%5B5%5D%5Borderable%5D=false&columns%5B5%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B5%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B6%5D%5Bdata%5D=platform_id&columns%5B6%5D%5Bname%5D=platform_id&columns%5B6%5D%5Bsearchable%5D=true&columns%5B6%5D%5Borderable%5D=false&columns%5B6%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B6%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B7%5D%5Bdata%5D=author_id&columns%5B7%5D%5Bname%5D=author_id&columns%5B7%5D%5Bsearchable%5D=false&columns%5B7%5D%5Borderable%5D=false&columns%5B7%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B7%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B8%5D%5Bdata%5D=code&columns%5B8%5D%5Bname%5D=code.code&columns%5B8%5D%5Bsearchable%5D=true&columns%5B8%5D%5Borderable%5D=true&columns%5B8%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B8%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B9%5D%5Bdata%5D=id&columns%5B9%5D%5Bname%5D=id&columns%5B9%5D%5Bsearchable%5D=false&columns%5B9%5D%5Borderable%5D=true&columns%5B9%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B9%5D%5Bsearch%5D%5Bregex%5D=false&order%5B0%5D%5Bcolumn%5D=9&order%5B0%5D%5Bdir%5D=desc&start=0&length=10000&search%5Bvalue%5D={keyword}&search%5Bregex%5D=false&author=&port=&type=&tag=&platform=&_=1706673207285", headers=headers) 10 | if resp.status_code == 200: 11 | return resp.json() 12 | else: 13 | return False 14 | 15 | -------------------------------------------------------------------------------- /sicat.py: -------------------------------------------------------------------------------- 1 | from lib.vuln_exploitdb import ExploitDB 2 | from lib.vuln_exploitalert import ExploitAlert 3 | from lib.vuln_packetstormsecurity import PacketStormSecurity 4 | from lib.module_msf import MsfModule 5 | from lib.cve_nvd import NvdDB 6 | from common.out_parse import Output 7 | from common.nmap_parse import NmapParse 8 | import argparse 9 | 10 | 11 | 12 | 13 | def main(args, keyword="", keyword_version=""): 14 | if keyword == None or args.nmap == None: 15 | pass 16 | else: 17 | Output.start(keyword, keyword_version) 18 | 19 | if args.exploitdb: 20 | if keyword_version != None: 21 | getnvd = ExploitDB.find(keyword, keyword_version) 22 | else: 23 | getnvd = ExploitDB.find(keyword) 24 | Output.exploitdb(getnvd) 25 | 26 | if args.exploitalert: 27 | if keyword_version != None: 28 | getnvd = ExploitAlert.find(keyword, keyword_version) 29 | else: 30 | getnvd = ExploitAlert.find(keyword) 31 | Output.exploitalert(getnvd) 32 | 33 | if args.packetstorm: 34 | if keyword_version != None: 35 | getnvd = PacketStormSecurity.find(keyword, keyword_version) 36 | else: 37 | getnvd = PacketStormSecurity.find(keyword) 38 | Output.packetstormsecurity(getnvd) 39 | 40 | if args.msfmodule: 41 | if keyword_version != None: 42 | getnvd = MsfModule.find(keyword, keyword_version) 43 | else: 44 | getnvd = MsfModule.find(keyword) 45 | Output.msfmodule(getnvd) 46 | 47 | if args.nvd: 48 | if keyword_version != None: 49 | getnvd = NvdDB.find(keyword, keyword_version) 50 | else: 51 | getnvd = NvdDB.find(keyword) 52 | Output.nvddb(getnvd) 53 | 54 | 55 | if args.output: 56 | if args.output_type == "json": 57 | Output.outJson(args.output) 58 | elif args.output_type == "html": 59 | Output.outHtml(args.output) 60 | else: 61 | Output.outJson(args.output) 62 | Output.outHtml(args.output) 63 | 64 | 65 | if __name__ == "__main__": 66 | #Initialize 67 | ExploitDB = ExploitDB() 68 | ExploitAlert = ExploitAlert() 69 | PacketStormSecurity = PacketStormSecurity() 70 | MsfModule = MsfModule() 71 | NvdDB = NvdDB() 72 | Output = Output() 73 | NmapParse = NmapParse() 74 | 75 | 76 | # print banner 77 | Output.banner() 78 | 79 | # Initialize the parser 80 | parser = argparse.ArgumentParser(description='Script to search for vulnerability and exploitation information.') 81 | 82 | # Add arguments 83 | parser.add_argument('-k','--keyword', type=str, help='File name or path to save the output') 84 | parser.add_argument('-kv','--keyword_version', type=str, help='File name or path to save the output') 85 | parser.add_argument('-nm','--nmap', type=str, help='Identify via nmap output') 86 | parser.add_argument('--nvd', action='store_true', help='Use NVD as a source of information') 87 | parser.add_argument('--packetstorm', action='store_true', help='Use PacketStorm as a source of information') 88 | parser.add_argument('--exploitdb', action='store_true', help='Use ExploitDB as a source of information') 89 | parser.add_argument('--exploitalert', action='store_true', help='Use ExploitAlert as a source of information') 90 | parser.add_argument('--msfmodule', action='store_true', help='Use metasploit module as a source of information') 91 | parser.add_argument('-o','--output', type=str, help='path to save the output') 92 | parser.add_argument('-ot','--output_type', type=str, help='output file type json and html') 93 | 94 | args = parser.parse_args() 95 | 96 | if args.nmap: 97 | nmparse = NmapParse.parse(args.nmap) 98 | if nmparse: 99 | for service in nmparse: 100 | main(args, service['service'], service['version']) 101 | else: 102 | print("[!] Only Supported for single host portscan result") 103 | else: 104 | keyword = args.keyword 105 | keyword_version = args.keyword_version 106 | main(args, keyword , keyword_version) 107 | -------------------------------------------------------------------------------- /vendor/report.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | SiCat Report 7 | 8 | 56 | 57 | 58 |
59 |

SiCat Report

60 |

61 | The useful exploit finder 62 |

63 |

64 | https://github.com/justakazh/sicat 65 |

66 |
67 | 68 |
69 |

Summary

70 |

71 | SiCat is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively. With a focus on cybersecurity, SiCat allows users to quickly search online, finding potential vulnerabilities and relevant exploits for ongoing projects or systems. 72 | 73 |

74 |

75 | SiCat's main strength lies in its ability to traverse both online and local resources to collect information about relevant exploitations. This tool aids cybersecurity professionals and researchers in understanding potential security risks, providing valuable insights to enhance system security. 76 | 77 |

78 |
79 | 80 | 81 | 82 |
83 |

Exploit-DB

84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 101 | 102 | 103 |
#TitleTypeLink
1GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload (Unauthenticated) WebApps 99 | Visit 100 |
104 |
105 | 106 | 107 | 108 |
109 |

ExploitAlert

110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 125 | 126 | 127 |
#TitleLink
1GFI Mail Archiver 15.1 Telerik UI Component Arbitrary File Upload (Unauthenticated) 123 | Visit 124 |
128 |
129 | 130 | 131 |
132 |

PacketStrom Security

133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 148 | 149 | 150 |
#TitleLink
1GFI Mail Archiver 15.1 Arbitrary File Upload 146 | Visit 147 |
151 |
152 | 153 | 154 |
155 |

NVD Database

156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 171 | 172 | 173 |
IDDescriptionLink
CVE-2012-1036Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message. 169 | Visit 170 |
174 |
175 | 176 | 177 |
178 |

Metasploit Module

179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 196 | 197 | 198 |
#TitkeModuleLink
1Telerik ui asp.net ajax radasyncupload deserialization exploit/windows/http/telerik_rau_deserialization 194 | Visit 195 |
199 |
200 | 201 | 210 | 211 | 212 | 213 | 214 | 215 | 216 | 225 | 226 | 227 | -------------------------------------------------------------------------------- /common/out_parse.py: -------------------------------------------------------------------------------- 1 | from colorama import Fore, Back, Style 2 | import re 3 | import os 4 | import json 5 | 6 | class Output: 7 | def __init__(self): 8 | self.data = [] 9 | 10 | def banner(self): 11 | ascii_art = f""" 12 | _._ _,-'""`-._ 13 | (,-.`._,'( |\`-/| 14 | `-.-' \ )-`( , {Fore.RED}o o{Fore.WHITE}) 15 | `- \`_`"'- 16 | {Fore.RED}SiCat{Fore.WHITE} - The useful {Fore.RED}exploit{Fore.WHITE} finder 17 | @justakazh (https://github.com/justakazh/sicat) 18 | 19 | usage : sicat.py --help 20 | """ 21 | print(ascii_art) 22 | 23 | def start(self,keyword = "", version = ""): 24 | print("|") 25 | print(f"|{Fore.YELLOW}> Starting with Keyword : {keyword} {version} {Fore.WHITE}") 26 | print("|----------------------------------------") 27 | 28 | def exploitdb(self, content): 29 | try: 30 | if len(content['data']) != 0: 31 | print("|") 32 | print(f"|{Fore.GREEN}+ Exploit-DB Result {Fore.WHITE}") 33 | print("|--------------------") 34 | 35 | predata = [] 36 | for data in content['data']: 37 | print(f"|{Fore.BLUE}-{Fore.WHITE} Title : {data['description'][1]}") 38 | print(f"|{Fore.BLUE}-{Fore.WHITE} Type : {data['type_id']}") 39 | print(f"|{Fore.BLUE}-{Fore.WHITE} Link : https://www.exploit-db.com/exploits/{data['description'][0]}") 40 | print("|") 41 | print("|") 42 | 43 | predata.append({ 44 | "title" : data['description'][1], 45 | "type" : data['type_id'], 46 | "link" : f"https://www.exploit-db.com/exploits/{data['description'][0]}" 47 | }) 48 | print(f"|{Fore.BLUE}-{Fore.WHITE} Total Result : {Fore.GREEN}{len(content['data'])}{Fore.WHITE} Exploits Found!") 49 | self.data.append({"exploitdb" : predata}) 50 | else: 51 | print(f"|{Fore.RED}- No result in ExploitDB!{Fore.WHITE}") 52 | except: 53 | print(f"|{Fore.RED}- Internal Error - No result in ExploitDB!{Fore.WHITE}") 54 | 55 | def exploitalert(self, content): 56 | try: 57 | if len(content) != 0: 58 | print("|") 59 | print(f"|{Fore.GREEN}+ ExploitAlert Result {Fore.WHITE}") 60 | print("|------------------------") 61 | 62 | 63 | predata = [] 64 | for data in content: 65 | print(f"|{Fore.BLUE}-{Fore.WHITE} Title : {data['name']}") 66 | print(f"|{Fore.BLUE}-{Fore.WHITE} Link : https://www.exploitalert.com/view-details.html?id={data['id']}") 67 | print("|") 68 | print("|") 69 | 70 | 71 | predata.append({ 72 | "title" : data['name'], 73 | "link" : f"https://www.exploitalert.com/view-details.html?id={data['id']}" 74 | }) 75 | print(f"|{Fore.BLUE}-{Fore.WHITE} Total Result : {Fore.GREEN}{len(content)}{Fore.WHITE} Exploits Found!") 76 | self.data.append({"exploitalert" : predata}) 77 | else: 78 | print(f"|{Fore.RED}- No result in ExploitAlert!{Fore.WHITE}") 79 | except: 80 | print(f"|{Fore.RED}- Internal Error - No result in ExploitAlert!{Fore.WHITE}") 81 | 82 | def packetstormsecurity(self, content): 83 | try: 84 | reg = re.findall('
(.*?)
', content) 85 | if len(reg) != 0: 86 | print("|") 87 | print(f"|{Fore.GREEN}+ PacketStorm Result {Fore.WHITE}") 88 | print("|-----------------------") 89 | 90 | predata = [] 91 | for data in reg: 92 | print(f"|{Fore.BLUE}-{Fore.WHITE} Title : {data[2]}") 93 | print(f"|{Fore.BLUE}-{Fore.WHITE} Link : https://packetstormsecurity.com{data[0]}") 94 | print("|") 95 | print("|") 96 | 97 | predata.append({ 98 | "title" : data[2], 99 | "link" : f"https://packetstormsecurity.com{data[0]}" 100 | }) 101 | print(f"|{Fore.BLUE}-{Fore.WHITE} Total Result : {Fore.GREEN}{len(reg)}{Fore.WHITE} Exploits Found!") 102 | self.data.append({"packetstormsecurity" : predata}) 103 | else: 104 | print(f"|{Fore.RED}- No result in PacketStorm!{Fore.WHITE}") 105 | except: 106 | print(f"|{Fore.RED}- Internal Error - No result in PacketStorm!{Fore.WHITE}") 107 | 108 | 109 | 110 | def msfmodule(self, content): 111 | try: 112 | if len(content) != 0: 113 | print("|") 114 | print(f"|{Fore.GREEN}+ Metasploit Module Result {Fore.WHITE}") 115 | print("|------------------------------") 116 | 117 | 118 | predata = [] 119 | for data in content: 120 | print(f"|{Fore.BLUE}-{Fore.WHITE} Title : {data['title'].capitalize()}") 121 | print(f"|{Fore.BLUE}-{Fore.WHITE} Module : {data['module']}") 122 | print(f"|{Fore.BLUE}-{Fore.WHITE} Link : {data['link']}") 123 | print("|") 124 | print("|") 125 | 126 | predata.append({ 127 | "title" : data['title'], 128 | "module" : data['module'], 129 | "link" : data['link'] 130 | }) 131 | print(f"|{Fore.BLUE}-{Fore.WHITE} Total Result : {Fore.GREEN}{len(content)}{Fore.WHITE} Modules Found!") 132 | self.data.append({"msfmodule" : predata}) 133 | else: 134 | print(f"|{Fore.RED}- No result in Metasploit Module!{Fore.WHITE}") 135 | except: 136 | print(f"|{Fore.RED}- Internal Error - No result in Metasploit Module!{Fore.WHITE} ") 137 | 138 | 139 | def nvddb(self, content): 140 | try: 141 | if len(content['vulnerabilities']) != 0: 142 | print("|") 143 | print(f"|{Fore.GREEN}+ National Vulnearbility Database Result {Fore.WHITE}") 144 | print("|-----------------------------------------------") 145 | 146 | predata = [] 147 | for data in content['vulnerabilities']: 148 | print(f"|{Fore.BLUE}-{Fore.WHITE} ID : {data['cve']['id']}") 149 | print(f"|{Fore.BLUE}-{Fore.WHITE} Description : {data['cve']['descriptions'][0]['value']}") 150 | print(f"|{Fore.BLUE}-{Fore.WHITE} Link : https://nvd.nist.gov/vuln/detail/{data['cve']['id']}") 151 | print("|") 152 | print("|") 153 | 154 | predata.append({ 155 | "title" : data['cve']['id'], 156 | "description" : data['cve']['descriptions'][0]['value'], 157 | "link" : f"https://nvd.nist.gov/vuln/detail/{data['cve']['id']}" 158 | }) 159 | print(f"|{Fore.BLUE}-{Fore.WHITE} Total Result : {Fore.GREEN}{len(content)}{Fore.WHITE} CVEs Found!") 160 | self.data.append({"nvddb" : predata}) 161 | else: 162 | print("|") 163 | print(f"|{Fore.RED}- No result in National Vulnearbility Database!{Fore.WHITE}") 164 | except: 165 | print(f"|{Fore.RED}- Internal Error - No result in National Vulnearbility Database!{Fore.WHITE}") 166 | 167 | 168 | def outJson(self, location = ""): 169 | self.genOutDir(location) 170 | report = json.dumps(self.data, indent=4) 171 | open(f"{location}/report.json", "w").write(report) 172 | 173 | def outHtml(self, location = ""): 174 | self.genOutDir(location) 175 | html = """ 176 | SiCat Report

SiCat Report

The useful exploit finder

https://github.com/justakazh/sicat

Summary

SiCat is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively. With a focus on cybersecurity, SiCat allows users to quickly search online, finding potential vulnerabilities and relevant exploits for ongoing projects or systems.

SiCat's main strength lies in its ability to traverse both online and local resources to collect information about relevant exploitations. This tool aids cybersecurity professionals and researchers in understanding potential security risks, providing valuable insights to enhance system security.

""" 177 | 178 | for report in self.data: 179 | if "exploitdb" in report: 180 | html += """

Exploit-DB

""" 181 | num = 1 182 | for exploitdb in report['exploitdb']: 183 | html += f"" 184 | num += 1 185 | html += """
#TitleTypeLink
{num}{exploitdb['title']}{exploitdb['type']}visit
""" 186 | 187 | if "exploitalert" in report: 188 | html += """

ExploitAlert

""" 189 | num = 1 190 | for exploitalert in report['exploitalert']: 191 | html += f"" 192 | num += 1 193 | html += """
# Title Link
{num}{exploitalert['title']}visit
""" 194 | 195 | if "packetstormsecurity" in report: 196 | html += """

PacketStorm Security

""" 197 | num = 1 198 | for packetstormsecurity in report['packetstormsecurity']: 199 | html += f"" 200 | num += 1 201 | html += """
# Title Link
{num}{packetstormsecurity['title']}visit
""" 202 | 203 | if "nvddb" in report: 204 | html += """

NVD Database

""" 205 | for nvd in report['nvddb']: 206 | html += f"" 207 | html += """
ID Description Link
{nvd['title']}{nvd['description']}visit
""" 208 | 209 | if "msfmodule" in report: 210 | html += """

Metasploit Module

""" 211 | num = 1 212 | for msf in report['msfmodule']: 213 | html += f"" 214 | num += 1 215 | html += """
# Titke Module Link
{num} {msf['title']} {msf['module']} Visit
""" 216 | 217 | 218 | html += """""" 219 | 220 | open(f"{location}/report.html", "w").write(html) 221 | 222 | 223 | def genOutDir(self,locate): 224 | try: 225 | os.makedirs(locate, exist_ok=True) 226 | except: 227 | pass 228 | 229 | --------------------------------------------------------------------------------